Types of rules, Sample rules and firmware – Force10 Networks PSeries 100-00055-01 User Manual
Introduction
Figure 3 illustrates how all matched packets are copied and transmitted by mirror ports.

[Figure 3: Logic Diagram of Traffic Flow in the P10 DPI. Diagram labels: Forwarding Engine, Detection Engine, PCI-X Module, State Table, Packet Data, Device Access, Config Commands, Match Result, Rx0, Tx0, Rx1, Tx1, Mirror 0, Mirror 1.]

Types of Rules
Two types of rules can be uploaded to the FPGA:
• Static rules: Static rules are compiled to become part of the firmware and are mapped directly into logic gates. Static rules can be set to capture/not capture and block/not block individually, but they cannot be changed once they have been loaded into the FPGA.
• Dynamic rules: Dynamic rules are programmed at runtime in the DPI hardware registers and can be configured without changing the firmware. These rules (like static rules) can be disabled/enabled individually.

Sample Rules and Firmware
The P10 includes sample rules files in the pnic-compiler/rules directory. You can browse these files to become more familiar with Snort syntax or with creating rules files; you can also generate firmware from these files at your discretion.
Note: Mirroring is automatically enabled when the mirroring port is connected to another network device.
Mirroring is not controlled through the CLI.